diff --git a/.github/workflows/deploy_to_gcp.yml b/.github/workflows/deploy_to_gcp.yml index 2cf6a5a..bad81f7 100644 --- a/.github/workflows/deploy_to_gcp.yml +++ b/.github/workflows/deploy_to_gcp.yml 
@@ -8,39 +8,62 @@ on: - deploy-dev jobs: - gcp-deploy: + gcp-deploy: name: Deploy to GCP runs-on: gcloud-tf + env: + GCP_PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }} + GCP_SA_KEY: ${{ secrets.GCP_SA_KEY }} + REPO_NAME: ${{ github.repository }} + HASH_SUFFIX: ${{ github.sha }} + JOB_NAME: ${{ vars.JOB_NAME }} + BRANCH_NAME: ${{ github.ref_name }} steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v3 - # checkout: - # name: Checkout code - # runs-on: ubuntu-latest - # steps: - # - name: Checkout code - # uses: actions/checkout@v3 + - name: Check Deploy Tools + run: | + ls -la + echo "Checking gcloud and terraform versions..." + gcloud --version + terraform --version + + - name: Check Gcloud auth + run: | + echo "HOME: ${HOME}" + printf '%s' "$GCP_SA_KEY" > $HOME/sa.json + export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" - # gcp-deploy: - # name: Deploy to GCP - # runs-on: gcloud-tf - # steps: - # - name: Check Deploy Tools - # run: | - # gcloud --version - # terraform --version - # ls -la + gcloud auth activate-service-account --key-file="$GOOGLE_APPLICATION_CREDENTIALS" + gcloud config set project "$GCP_PROJECT_ID" + echo "Check gcloud" + gcloud config list + gcloud --version - # - name: Set up Cloud SDK - # uses: google-github-actions/setup-gcloud@v1 - # with: - # project_id: ${{ secrets.GCP_PROJECT_ID }} - # service_account_key: ${{ secrets.GCP_SA_KEY }} - # export_default_credentials: true + - name: Exec Terraform init shell + run: | + export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" + ./scripts/deploy/init_terraform.sh + + - name: Exec Container Image Push to Artifact Registry + run: | + export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" + ./scripts/deploy/build_image_to_gar.sh + + - name: Exec Terraform plan shell + run: | + export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" + ./scripts/deploy/plan_terraform.sh + + - name: Exec Terraform apply shell + run: | + export GOOGLE_APPLICATION_CREDENTIALS="$HOME/sa.json" + 
./scripts/deploy/apply_terraform.sh + + - name: Clean up Gcloud auth file + run: | + rm -f $HOME/sa.json + echo "Cleaned up Gcloud auth file." - # - name: Run deployment script - # run: | - # chmod +x ./deploy.sh - # ./deploy.sh diff --git a/scripts/deploy/applay_terraform.sh b/scripts/deploy/applay_terraform.sh new file mode 100755 index 0000000..5334ae0 --- /dev/null +++ b/scripts/deploy/applay_terraform.sh @@ -0,0 +1,26 @@ +#!/bin/bash + +# Safe mode(when error,kill script) +set -euo pipefail + +# 変数の設定({HOME}/hash.txt からハッシュ値を取得) +TF_DIR=${TF_DIR:-terraform} +ENV=${ENV:-dev} + +cd "$TF_DIR" + +# --- デプロイ条件 --- +if [[ "${BRANCH_NAME:-}" =~ ^.*deploy$ ]]; then + echo "Start terraform apply (ENV=${ENV}, DIR=${TF_DIR}) ..." +else + echo "Skip terraform apply (branch=${BRANCH_NAME:-})" + exit 0 +fi + +# --- plan 結果があるか確認 --- +if [[ ! -f tfplan ]]; then + echo "ERROR: tfplan not found in $(pwd). Run plan step first." >&2 + exit 1 +fi + +terraform apply -auto-approve tfplan diff --git a/scripts/deploy/build_image_to_gar.sh b/scripts/deploy/build_image_to_gar.sh new file mode 100755 index 0000000..133bac5 --- /dev/null +++ b/scripts/deploy/build_image_to_gar.sh @@ -0,0 +1,29 @@ +#!/bin/bash +# Google Container RegistryへDockerイメージをビルドしてプッシュするスクリプト +set -euo pipefail + +# 環境変数の設定 +REGION=${REGION:-asia-northeast1} +ENV=${ENV:-dev} +JOB_NAME=${JOB_NAME} +AR_REPO_NAME="cicd-repo-${ENV}" +HASH_SUFFIX=${HASH_SUFFIX} + + +# IMAGE_URIの設定 +# ローカル実行時は epoch 秒で自動採番。 +IMAGE_URI="${REGION}-docker.pkg.dev/${GCP_PROJECT_ID}/${AR_REPO_NAME}/run-job-${JOB_NAME}-image:${HASH_SUFFIX}" + + + +echo "REGION : ${REGION}" +echo "ENV : ${ENV}" +echo "JOB_NAME : ${JOB_NAME}" +echo "HASH_SUFFIX : ${HASH_SUFFIX}" +echo "IMAGE_URI : ${IMAGE_URI}" + +# Artifact Registry への認証設定 +gcloud auth configure-docker "${REGION}-docker.pkg.dev" + +# GARへDockerイメージをビルドしてプッシュ +gcloud builds submit --tag "${IMAGE_URI}" . 
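Review bot: The `Clean up Gcloud auth file` step has no `if: always()`, so whenever an earlier step fails (a plan or apply error) it is skipped and `$HOME/sa.json` with the service-account key stays on the runner; `runs-on: gcloud-tf` looks like a self-hosted label, where that file would outlive the job. Add `if: always()` under that step's `name:`, and create the file with restrictive permissions, `(umask 077; printf '%s' "$GCP_SA_KEY" > "$HOME/sa.json")`. The key is also placed in the job-level `env:`, which hands it to every step's process environment, including the `ls -la` diagnostics; moving `GCP_SA_KEY` to a step-level `env:` on `Check Gcloud auth` limits that exposure. The hunk begins inside the `on:` block, whose start is outside it.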
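Review bot: The new file is named `scripts/deploy/applay_terraform.sh`, but the workflow hunk above calls `./scripts/deploy/apply_terraform.sh`, so the apply step would fail with a missing-file error; rename the file to `apply_terraform.sh` (or fix the path in the workflow). The header comment `# 変数の設定({HOME}/hash.txt からハッシュ値を取得)` describes reading a hash from `{HOME}/hash.txt`, which this script does not do — replace it with `# Variables: TF_DIR/ENV default to terraform/dev; BRANCH_NAME gates the apply`. The guard `^.*deploy$` only admits branch names ending in `deploy`, so a branch such as `deploy-dev` (visible in the `on:` context of the workflow hunk) would always take the skip path; if that branch is meant to apply, the pattern needs revisiting, e.g. `^deploy(-.*)?$`, and the intended policy should be stated in a comment.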
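Review bot: `HASH_SUFFIX=${HASH_SUFFIX}` and `JOB_NAME=${JOB_NAME}` abort under `set -u` with only an "unbound variable" message when unset, while the comment above `IMAGE_URI` claims a local run auto-numbers the tag with epoch seconds — no such fallback exists. Either implement the fallback or make the requirement explicit, `JOB_NAME=${JOB_NAME:?JOB_NAME must be set}` and `HASH_SUFFIX=${HASH_SUFFIX:?HASH_SUFFIX must be set}`, and give `GCP_PROJECT_ID` the same treatment since it is expanded without ever being assigned here. The first-line comment says Google Container Registry, but the target is Artifact Registry (`pkg.dev`); update it to `# Build the Docker image with Cloud Build and push it to Artifact Registry`. `gcloud builds submit --tag "${IMAGE_URI}" .` uploads the whole checkout as the build context, which after the init step presumably includes `terraform/.terraform`; a `.gcloudignore` is needed unless one already exists outside this diff.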
diff --git a/scripts/deploy/init_terraform.sh b/scripts/deploy/init_terraform.sh old mode 100644 new mode 100755 index 7e57d64..bad7202 --- a/scripts/deploy/init_terraform.sh +++ b/scripts/deploy/init_terraform.sh @@ -6,13 +6,15 @@ set -euo pipefail TF_DIR=${TF_DIR:-terraform} # GCS S3などで保存する -TF_STATE_BUCKET=${TF_STATE_BUCKET:-cicd-tfstate-bucket} +TF_STATE_BUCKET=${TF_STATE_BUCKET:-cicd-tfstate-bucket-20250906} ENV=${ENV:-dev} REPO_NAME=${REPO_NAME:-unknown} cd "$TF_DIR" +echo "$REPO_NAME" -# --- terraform init 実行 --- + +# # --- terraform init 実行 --- terraform init \ -backend-config="bucket=${TF_STATE_BUCKET}" \ -backend-config="prefix=${REPO_NAME}/${ENV}" \ diff --git a/scripts/deploy/plan_terraform.sh b/scripts/deploy/plan_terraform.sh new file mode 100755 index 0000000..3f87562 --- /dev/null +++ b/scripts/deploy/plan_terraform.sh @@ -0,0 +1,23 @@ +#!/bin/bash + +# Safe mode(when error,kill script) +set -euo pipefail + +# 変数の設定({HOME}/hash.txt からハッシュ値を取得) +TF_DIR=${TF_DIR:-terraform} +ENV=${ENV:-dev} +HASH_SUFFIX=${HASH_SUFFIX} + +cd "$TF_DIR" + +if [ -f "${ENV}.tfvars" ]; then + terraform plan \ + -out=tfplan \ + -var-file="${ENV}.tfvars" \ + -var="hash_suffix=${HASH_SUFFIX}" + +else + # error raise + echo "ERROR: ${ENV}.tfvars not found in $(pwd)" >&2 + exit 1 +fi \ No newline at end of file diff --git a/terraform/dev.tfvars b/terraform/dev.tfvars new file mode 100644 index 0000000..72900c2 --- /dev/null +++ b/terraform/dev.tfvars @@ -0,0 +1,12 @@ +project_id = "gcp-devel-project" +region = "asia-northeast1" +env_name = "dev" + +job_name = "base" +# コンテナイメージ(CI/CDから渡される想定) + +cpu_limit = "1" +memory_limit = "512Mi" +timeout = "1800s" + + diff --git a/terraform/provider.tf b/terraform/provider.tf index fdeb7be..218805c 100644 --- a/terraform/provider.tf +++ b/terraform/provider.tf @@ -1,3 +1,7 @@ +terraform { + backend "gcs" {} +} + # Google Providerの設定 provider "google" { project = var.project_id
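Review bot: The comment header became `# # --- terraform init 実行 ---`, which looks like an accidental double hash; restore `# --- terraform init 実行 ---`. The new bare `echo "$REPO_NAME"` reads as leftover debugging; if it is meant as a diagnostic, label it, e.g. `echo "State prefix: ${REPO_NAME}/${ENV}"`. The `${REPO_NAME:-unknown}` fallback in the context lines means a run without REPO_NAME silently shares the `unknown/<env>` state prefix with any other caller in the same situation; `REPO_NAME=${REPO_NAME:?REPO_NAME must be set}` fails fast instead. The `terraform init` command continues past the end of the hunk.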
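Review bot: `HASH_SUFFIX=${HASH_SUFFIX}` fails under `set -u` with only `HASH_SUFFIX: unbound variable` when unset; `HASH_SUFFIX=${HASH_SUFFIX:?HASH_SUFFIX must be set}` states the requirement at the point of failure. The comment `# 変数の設定({HOME}/hash.txt からハッシュ値を取得)` mentions reading a hash from `{HOME}/hash.txt`, which the script does not do; say `# Variables: TF_DIR/ENV default to terraform/dev, HASH_SUFFIX comes from the workflow env`. The plan is written to `tfplan` inside the checkout and nothing in this diff removes it afterwards; a plan file can carry sensitive variable values, so the workflow's cleanup step should presumably delete it alongside `sa.json` if the runner is reused. The file also lacks a trailing newline.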
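Review bot: The comment `# コンテナイメージ(CI/CDから渡される想定)` is followed by a blank line and introduces no value, so it documents nothing; either drop it or make it state how the image is supplied, e.g. `# hash_suffix (image tag) is passed by scripts/deploy/plan_terraform.sh via -var`. The file ends with two blank lines; one trailing newline is enough.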
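Review bot: The empty `backend "gcs" {}` block gives a reader no hint where bucket and prefix come from; add a comment above it, `# bucket/prefix are supplied at init time via -backend-config (see scripts/deploy/init_terraform.sh)`. The `provider "google"` block continues beyond the end of the hunk.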